From 4f25eedf9065f28badf1e5e1df6c925062d8279e Mon Sep 17 00:00:00 2001
From: "mkanat%kerio.com" <>
Date: Fri, 8 Jul 2005 09:31:41 +0000
Subject: Bug 285695: [PostgreSQL] Username checks for login, etc. need to be
 case insensitive Patch By Max Kanat-Alexander <mkanat@bugzilla.org>
 r=LpSolit, a=justdave

---
 Bugzilla/Auth/Login/WWW/Env.pm |  3 ++-
 Bugzilla/Auth/Verify/DB.pm     | 20 ++++++--------------
 Bugzilla/Auth/Verify/LDAP.pm   |  3 ++-
 3 files changed, 10 insertions(+), 16 deletions(-)

(limited to 'Bugzilla/Auth')

diff --git a/Bugzilla/Auth/Login/WWW/Env.pm b/Bugzilla/Auth/Login/WWW/Env.pm
index 2f29d570f..985393206 100644
--- a/Bugzilla/Auth/Login/WWW/Env.pm
+++ b/Bugzilla/Auth/Login/WWW/Env.pm
@@ -84,7 +84,8 @@ sub login {
             # also sent), and the id, so that we have a way of telling that we
             # got something instead of a bunch of NULLs
             $sth = $dbh->prepare("SELECT extern_id, userid, disabledtext " .
-                                 "FROM profiles WHERE login_name=?");
+                                 "FROM profiles WHERE " .
+                                 $dbh->sql_istrcmp('login_name', '?'));
             $sth->execute($env_email);
 
             $sth->execute();
diff --git a/Bugzilla/Auth/Verify/DB.pm b/Bugzilla/Auth/Verify/DB.pm
index 1d5c6850c..4a45e81e7 100644
--- a/Bugzilla/Auth/Verify/DB.pm
+++ b/Bugzilla/Auth/Verify/DB.pm
@@ -34,6 +34,10 @@ use strict;
 use Bugzilla::Config;
 use Bugzilla::Constants;
 use Bugzilla::Util;
+# Because of the screwy way that Auth works, it thinks
+# that we're redefining subroutines if we "use" anything
+# that "uses" Bugzilla::Auth.
+require Bugzilla::User;
 
 my $edit_options = {
     'new' => 1,
@@ -52,11 +56,8 @@ sub authenticate {
 
     return (AUTH_NODATA) unless defined $username && defined $passwd;
 
-    # We're just testing against the db: any value is ok
-    trick_taint($username);
-
-    my $userid = $class->get_id_from_username($username);
-    return (AUTH_LOGINFAILED) unless defined $userid;
+    my $userid = Bugzilla::User::login_to_id($username);
+    return (AUTH_LOGINFAILED) unless $userid;
 
     return (AUTH_LOGINFAILED, $userid) 
         unless $class->check_password($userid, $passwd);
@@ -74,15 +75,6 @@ sub authenticate {
     return (AUTH_OK, $userid);
 }
 
-sub get_id_from_username {
-    my ($class, $username) = @_;
-    my $dbh = Bugzilla->dbh;
-    my $sth = $dbh->prepare_cached("SELECT userid FROM profiles " .
-                                   "WHERE login_name=?");
-    my ($userid) = $dbh->selectrow_array($sth, undef, $username);
-    return $userid;
-}
-
 sub get_disabled {
     my ($class, $userid) = @_;
     my $dbh = Bugzilla->dbh;
diff --git a/Bugzilla/Auth/Verify/LDAP.pm b/Bugzilla/Auth/Verify/LDAP.pm
index 551a70f45..ee58f9d7e 100644
--- a/Bugzilla/Auth/Verify/LDAP.pm
+++ b/Bugzilla/Auth/Verify/LDAP.pm
@@ -137,7 +137,8 @@ sub authenticate {
     my $dbh = Bugzilla->dbh;
     my $sth = $dbh->prepare_cached("SELECT userid, disabledtext " .
                                    "FROM profiles " .
-                                   "WHERE login_name=?");
+                                   "WHERE " .
+                                   $dbh->sql_istrcmp('login_name', '?'));
     my ($userid, $disabledtext) =
       $dbh->selectrow_array($sth,
                             undef,
-- 
cgit v1.2.3-24-g4f1b